September 29, 2016
A small, yet very sophisticated group of cyber-criminals named the Vendetta Brothers is behind numerous attacks on PoS systems and ATMs across the US and Scandinavian countries.
Because they lacked the resources to create and operate their own international cyber-crime syndicate, the group used Crime-as-a-Service (CaaS) offerings advertised on the Dark Web to create a modular cyber-crime operation that they controlled.
The group’s two members, known as “Insider” and “p0s3id0n,” hired other cyber-criminals to provide niche services, which they combined into a well-oiled cyber-crime machine that they used to target point-of-sale (PoS) systems and ATMs across the US, Finland, Norway, Sweden, and Denmark.
Their activities looked like the regular operation of a normal business. The Vendetta Brothers would outsource the creation of malware and spear-phishing emails to other groups, while also entering partnerships with other cyber-criminals for all sorts of services.
For example, the two partnered with other hackers who had previously gained access to PoS systems. They paid these hackers for access to their terminals, where they infected the systems with their own PoS malware versions named VendettaPOS and CenterPoS.
The group wrote their own malware, but also outsourced most of the work. They tried their hand at spamming victims and compromising PoS systems themselves, but also bought leads from other spam services on the Dark Web.